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Abstract 



We introduce a proof system for Hajek's logic BL based on a rela- 
tional hypersequents framework. We prove that the rules of our logical 
C/3 , calculus, called RHBL, are sound and invertible with respect to any val- 

nation of BL into a suitable algebra, called (cj)[0, 1]. Refining the notion 
of reduction tree that arises naturally from RHBL, we obtain a decision 
algorithm for BL provability whose running time upper bound is 2*^'"^ 
^ ' where n is the number of connectives of the input formula. Moreover, if 

, a formula is unprovable, we exploit the constructiveness of a polynomial 

0^ ' time algorithm for leaves validity for providing a procedure to build coun- 

' termodels in (cj)[0, 1]. Finally, since the size of the reduction tree branches 

^ ! is O(n^), we can describe a polynomial time verification algorithm for BL 

' unprovability. 

o 

^ ■ 1 Introduction 

A i-norm is a binary operation on [0, 1] that is associative, commutative, weakly 
increasing and has 1 as unit. Given a f-norm the associated residuum is the 
binary operation x — >* y = max{z : z * x < y} and the associated t-algebra is 
' the algebra [0, 1]* — ([0, 1], *, 0). For each i-norm *, L* is the propositional 

logic on the connectives 0,— > and the constant _L, respectively interpreted on 
[0, 1]* as *, ^* and 0. The tautologies of L* are the formulas evaluating to 1 
on [0, 1]* under any valuation of the variables in [0, 1]. 

In this paper we study the proof-theoretical and proof complexity properties 
of a proof search system for Hajek's Basic Logic BL |Haj98| (see Definition 12. 21 
for BL axioms). As shown in CEGTOO , BL is the logic of all continuous t- 
norms and their residua, that is, a formula A is a tautology of BL if and only 
if, for all continuous i-norms *, A is a tautology of L*. Moreover, as shown 
in ^BHM V02 , the unprovability problem of BL is NP-complete, hence the 
provability problem of BL is decidable. 
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The proof-theoretical coverage of continuous i-norm based logics is not ho- 
mogeneous. On the one hand, a variety of logical calculi has been proposed 
for the fundamental schematic extensions of BL, namely Lukasiewicz logic L, 
Product logic 11, Godel logic G. On the other hand, the lack of a natural logical 
calculus for BL is a recurrent remark in the literature (CFM04] . In |Agu04| a 
general method for deriving routinely a sequent calculus sound and complete for 
BL (and generally for any continuous t-norm based logic) is presented, but it 
seems unsuitable for proof search, due to the huge branching factor of the proof 
trees generated. Therefore, as far as we know, the only proof system for BL 
suitable for proof search is the tableaux calculus presented in |MPT03j . called 
TBL. 

Unfortunately, we recently discovered a counterexample in TBL, finding 
that the residuation axiom (A5) of BL is unprovable in TBL, or, equivalently, 
that the leaf of a branch of the TBL reduction tree of (A5) is not an axiom. 

For instance, the following branch of the TBL reduction tree of (A5): 



... C < A,C < B,A <T,B <T 

— (<,0,i) 

... C < AQ B,C < B,A < T,B < T 

(^,0:i) 

... C<AQB,C<B,(AQB + 1 + C^C + 1 + A) + 

^=^= 

C < AQ B,(AQ B + 1 + B ^ C < C + 1 + A) + 

^=^= (^.-.i) 

C < AQ B,{A ^ {B ^ C) + AQ B ^ C + 1)-^ 

A ^ (B ^ C) < (AQ B) ~* C 

(= T,-*) 

{A~.{B^ C)) ^{{AQB) ^C) = T 

has a leaf that is not an axiom. In fact, the leaf corresponds to the disjunction 
ofCo^, C <] B, A < T and B < T, and its negation, corresponding to the 
conjunction oiC<iA, C<iB,A = T and B = T, is satisfied by any valuation 
of BL into (w)[0, 1] satisfying A = B = TeC<T. 

Instead of making the necessary changes to TBL, we tried to present an 
alternative and more efficient proof system for BL, called RWBL. From the 
proof-theoretical point of view, the kernel of our proof system is a relational 
hypersequents calculus, called RHBL, based on the promising approach that 
produced uniform rules for L, U and G |CFM04| . The calculus is sound and 
complete and, interestingly, it allows for automatic proof search, being cut free 
and having the subformula property. From the proof complexity point of view, 
we remark that, if a formula A has n connectives, the proof tree of A in RWBL 
has height at most n. This fact lowers immediately the upper bounds derivable 
from TBL, with respect to both the provability and the unprovability problems 
of BL. Specifically, the upper bound on the size of a certificate of provability 
of A is 2'^(") (compared with the 2°("') and 2°("') bounds implicit in |Agu04| 
and 'MPT03 respectively) and the upper bound on the size of a certificate 
of unprovability of A is 0{n) as in |Agu04| (compared with the O(n^) bound 
presented in MP T03| ). The time complexity of the algorithms for searching and 
verifying BL proofs follows immediately from these bounds, being dominated 
by the proof size. 
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The paper is organized as follows. In Section 13 we outline the algebraic 
foundations of our semantic-based proof system. In Section |3| we introduce 
the relational hypersequents calculus RHBL and the reduction tree framework 
RWBL. In Section 0] we describe a polynomial time algorithm for checking 
the validity of the leaves of a reduction tree. In Section |31 we show that our 
proof system is sound and complete for BL and we study its computational 
complexity. 



2 Preliminaries 

Definition 2.1 (formula). The set of formulas is the smallest set F such that 
± e F, {p, : i e N} C F and, if A, A' e F, then {A A'), {A A') e F. The 
complexity c{A) of a formula A is the number of connectives occurring in A. 

In the sequel, we write T for ± ^ ± and o denotes an arbitrary connective. 
Moreover, we say that B is more complex than A, A <c B, if c{A) < c{B) or 
c{A) = c{B) but A <iex B, assuming a lexicographical order over the underlying 
alphabet. 

Definition 2.2 (BL). Let A,B,C e F. The theory of BL ts defined by the 
modus ponens deduction rule and the axiom schemata 

(Al) {A^B)^ {{B -^C)^{A^ O) 

(A2) {AqB)^A 

(A3) {AqB)~^{BQ A) 

(A4) (A (A ^ B)) ^{BQ{B^ A)) 

(A5) {{A^{B^C))^{{AGB)^C)) 

(A6) {{A -^B)^C)^ {{{B -^A)^C)^C) 

(A7) _L^A 

A proof of a formula A in BL is a sequence (Ai, . . . , An) of n formulas, n G N, 
such that An — A and, for all i — \, . . . ,n, Ai is a BL axiom or Ai is the result 
of a modus ponens application to formulas Aj,Ak, where j,k < i. A formula 
A is a BL theorem if there is a proof of A in BL (we write BL \- A). 

Definition 2.3 ((ti>)[0, 1] algebra). The algebra (w)[0, 1] is the algebra on the 
support [0, +oo] equipped with the operations and the constants 0, +oo, 
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where * and are respectively defined by 




min{x, y) if \x\ ^ \_y\ 

max{ lx\ ,x + y— [xj — 1) if \_x\ = \_y\ < +00 

+00 if X = y ^ +00 

y if [y\ < [x\ 

lx\ + 1 — X + y if lx\ — ly\ and y < x 

+00 if X < y 



where \x\ denotes the lower integer part of x and [+00J = +00. 

Definition 2.4 (valuation). LetA,B £ F. A valuation (of BL into {uj)[0, 1]) 
is a function v such that w(-L) = 0, v{pn) £ [0, +c)o], v{A Q B) — v{A) * v{B) 
and v{A B) = v{A) v{B). 

Let v{A) — v{A) — Yv{A)\ . In the sequel, we say that (the type of) a valuation 
V with respect to a pair of formulas {A,B) is: 0i, if L^(A)J < \v{B)\; 02, if 
[v{B)\ < [v{A)\; 03, if [v{A)\ = [v{B)] < +00 and 1 < v{A)+v{B); 04, 
if [v{A)\ = [v{B)\ < +00 and v{A) +v{B) < 1; 05, if v{A) = v{B) = +00; 
^1, if lviB)\ < lv{A)\; ^2, if lv{A)\ = L«(B)J and viB) < t.(A); ^3, if 
v{A) < v{B). 

Fact 2.1. Let A, B £ F and v be a valuation of BL into (w)[0, 1]. Then, there 
is exactly one i € {1, 2, 3, 4, 5} such that v is Qi with respect to {A, B) and there 
is exactly one i G {1,2,3} such that v is with respect to {A,B). Moreover, 
if \v{A)\ = [v{B)\, then \y{AQB)\ ^ \ v{A)\ = \ v{B)\, and \ v{A B)\ = 
[v{A)\ = \v{B)\ or [v{A B)\ ^ +00. 

The proof system we will introduce in the next section relies on the following 
characterization of BL provability IMPT03j . 

Theorem 2.1. Let A G F. Then, BL \~ A if and only if for every valuation v 
of BL into (w)[0, 1], v{A) = +00. 

3 Logical Rules and Reduction Trees 

Definition 3.1 (relational hypersequent). A BL relational sequent has the 
form r < A, where, o G {<C, ~<z' z G Z}, T and A are finite multisets of 
formulas and, if <\ is <S^, then \T\ < 1 and |A| < 1. A BL relational hypersequent 
is a finite set of BL relational sequents of the form Ti <ii Ai | . . . |r„ <„ A„, and 
is the empty relational hypersequent. The set of BL relational hypersequents 
is called RH. A relational hypersequent is called irreducible if all its formulas 
are atomic. 

In the sequel, <i G {^, =^2, -<z- z G Z} and we write < for <o- 
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Definition 3.2 (satisfaction, validity). Let G S RH be determined as in 
Definition and v be a valuation. Then, v satisfies G, v \^ G, if, for some 
i — 1, . . . ,n: 

(i) <ij Ai is A<^B and \ v{A)\ < [v{B)\; 

(a) Ti <ii Ai is A ^ B and both the following conditions hold 

[viA)] = [viB)\ (3.1) 
v{A) < v{B) (3.2) 

and similarly for -< and < instead of =^ and < respectively; 

(Hi) Ti <ii Ai is Ai, . . . , An =^z Bi, ■ ■ ■ , B„i, where n,m > 0, n + m > 2 and, if 
n + m — 2, then z ^ 0. Moreover, both the following conditions hold 

lv{Ai)\ = ...= L«(A„)J = L«(Bi)J - . . . = lv{Bm)\ < +CX) (3.3) 
v{Ai) + ... + v{An) - n< v{Bi) + ... + v{Bm) -m + z (3.4) 

and similarly for ~< and < instead of =4 and < respectively. 

The hypersequent G is valid for BL, N G, if, for all valuations v, v \^ G. 

We remark that condition H3.3|l is stronger than condition (|3.1|) . since it 
requires integer parts less than +oo. We observe that, given a valuation v, 

V satisfies A ^ T only if v{A) < +oo and v satisfies A =4 T|T =^ A only if 
v{A) = +00. Moreover, T^A, T^A, A^T and arc unsatisfiable and 
T -< A\A -< T|T =^ A\A =^ T is equivalent to T ^ A. 

Representing the negation of a relational hypersequent G by G simplifies the 
notation of implications. For instance, the implication G =^ G' is represented 
by G|G'. 

Notation 3.1. We introduce the following abbreviations: A < B = A 'l^, B\A =<; 
B; A B = A ^ B\B =4 A; A^B = A^ B\B ^ A\B < A; A<B = B < 
A\B < A; A^B = ^ < B\B < A\B < A; A ^ B = ^ < B\B ^ A\B < 
A; A^ B = A ^ B\B < A; A,B = A - B\A < T\B < T\A,B 
A,B-<-i = Z^|A<T|B<T| =^1 A, B. 

Fact 3.1. Let A, B G F and v be a valuation. Then: v \= A < B if and only 
ifv{A) < v{B); A^ B if and on ly if lv{A)\ = [v{B)\; v N A B if and 
only if [v{B)\ < [viA)\; v N A<B if and only if v{B ) < v{A ); v N A^B 
if and only if L"(^)J ^ [v{B)\ or v{B) < v{A); v ^ A ~i B if and only if 
lv{ A)\ ^ lv iB)\ or v{B) < v{A); v N A ~ S if and only if [w(A)J ^ lviB)\; 

V \= A, B if and only if \y(A)\ ^ \y{B)\ or v{A) — +oo or v{B) ~ +oo or 
v{A) +v{B) < 1; ?; 1= A,B -<_i if and only if lv{A)\ ^ lv{B)\ or v{A) = +oo 
or v{B) = +00 or 1 < v{A) +v{B). 

Let H be an arbitrary relational hypersequent. Go; be relational hyperse- 
quents which will be specified in the sequel, F, A be arbitrary finite multisets 
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of formulas and and A,BeF. We define the relational hypersequents calculus 
RHBL as a set of logical rules having one of the following forms: 



^ fJ|A«B|GQj ff|i3<A|GQ2 H\^i A. B\Gq^ H\A, B ^_i\Gq^ ff | T ^ A | T ^ B | Gq j. 

if |r, A B < A 



ff |A < B|Gq^ g|B < ^|G02 -"Nl ^. g|G03 g|A, B ^_i|Gq^ H|T ^ A|T =^ -^1^05 
(©t^.T-) ^ (3-6) 



-B|r 4 A B, A 



(^. <1. !) 



H\B « A|G^j H\B -< A|G^2 B|A < BIG-,3 

H\r, A B < A 
H\B < A|G_j H\B -< A|G^2 ff |A < SjG^j 

-H"|r o A ^ B, A 



(3.7) 
(3.8) 



With respect to (|3.5|I - H3.8|I above, we introduce the following terminology. 
The relational hypersequents above are respectively called premises (of type) 
O]^, . . . , o„, the relational hypersequent below is called conclusion, the formula 
Ao B is called pivot and H is called side relational hypersequent of the logical 
rule. With respect to the premise Oj of a logical rule, the overlined relational 
hypersequent is called antecedent (oj) and Go^ is called consequent (oj) of the 
premise. Notice that, for reasons that will become apparent in Definition 
we regard the premise of a rule as a relational hypersequents tuple, ordered by 
occurrence from left to right. 

Definition 3.3 (RHBL). The relational hypersequent calculus RHBL con- 
tains the following rules (we omit the side relational hypersequent of the rules 
and we abbreviate the antecedent of the premise Oj with loi)'- 



, „ J0J^<C /02|B«C J03|A<(7 /0jA«C /q, 
AQB<t.C 

/0j(7<A Iq^\C<.B /03|C<A /0jC<A /05|C< 



ir A 

(0,<1,O 
(0,<,r) 



C < A0B 
/-,i|B<S(7 I^^\A<^C /^3 
A B < C 
/^i|C<B /^2|(7<A /_.3|(7<T 



C < A ^ B 

/0i|r,A<]A /02|r, B<iA 703|r,A, B<iA /0jr,A,B<i+i A,B, A 70^ 

r,A0B<A 

/0jA<3A,r /0jA<iB,r /03|A<iA,B,r /0jA,A,B<i_i A,B,r /05 



A<]A©B,r 
/^i|r,B<iA 7^jr, B<iA, A 7_ 



r, A ^ Bo A 

f I A ^ R 



/_i|A<iB, r /_2|A,A<iB, r /_3 



A<iA -» B,r 

an exception, if T = ^ and A = C , C E F , the premise ©5 of the rules 
(0, ^, I) and (0, =<;, r) is Iq^ |T ^ C and the premise ^3 of the rules (— >, ^) 
and (^,=^,r) is /_^3|T =^ C. 

We point out by the means of an example that in the notation of Defini- 
tion 13.31 the side relational hypersequent has been omitted and the antecedent 
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of premises has been abbreviated. Moreover, we focus on the terminology in- 
troduced. 

Example 3.1. The fully scripted version of the rule (— >,<l, r) is: 

,H\B < A|A<]B,r H\B -< A|A,A<3B,r H\A < B 

(— >,<, r) — ' ' ' ' ' — = — 

^ ' ' ' H\A<A^B,r 

With respect to the rule, H\A <i A —fB,T is the conclusion, H is the side 
relational hyper sequent, H\B <C yl|A<i3,r is the premise — >i, H\B -< A|A, ^< 
B,T is the premise —^2 and H\A < B is the premise — >3. With respect to each 
premise, B A is the antecedent (of premise) —>-i and A<iB,T is the consequent 
(of premise) — B ^ A is the antecedent (of premise) —+2 and A, A <i B,T is 
the consequent (of premise) -^2, A < B is the antecedent (of premise) — >3 and 
is the consequent (of premise) — ^3. 

We remark that some unusual features of the rules, namely the emptiness of 
consequents of premises 05 and -^3 and the occurrence of A, B on both sides 
of <s in premise ©4, are necessary conditions to prove the semantic properties of 
the calculus, for reasons that will become apparent in the following, examining 
in detail Definition 13.41 and Proposition 13. 21 

The properties of soundness and invertibility of a logical rule are defined as 
follows. 

Definition 3.4 (soundness, invertibility). Let R be a logical rule. Then, R 
is sound for BL if and only if, for all valuations v, if v satisfies all the premises 
of R, then v satisfies the conclusion of R. Moreover, R is invertible for BL 
if and only if, for all valuations v, if v satisfies the conclusion of R, then v 
satisfies all the premises of R. 

A logical calculus is sound and invertible if all its rules are sound and in- 
vertible. 

We must show that RHBL is sound and invertible. To this aim, we antici- 
pate the following two propositions. 

Proposition 3.1. Let R be a logical rule determined as in Definition \8.!A and 

V be a valuation. Then, with respect to [A,B): 

(i) if V is Qi, then v satisfies the antecedent of the premise Qj if and only if 
j ^ i, for all i,j e {1,2,3,4,5}; 

(ii) if V is -^i, then v satisfies the antecedent of the premise — >j if and only 
if 3 7^ h for all i,j G {1,2,3}. 

Proof. Both claims can be proved by cases as immediate consequences of Def- 
inition 12.41 Definition 13.21 and Fact 13.11 As an example (the other cases are 
similar), if v is ©3, then v 'f^i A, B, that is, v li^ A, B (the antecedent ©3), 
whereas all oiv A ^ B (the antecedent Gi), v \^ B ^ A (the antecedent ©2), 

V \= A, B -<_i (the antecedent ©4) and 1; 1= T =^ A\T =<; B (the antecedent ©5) 
hold, thus the claim holds in this case. □ 
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Proposition 3.2. Let R be a logical rule determined as in Definition VJ.^A and 
V be a valuation. Then, with respect to [A,B): 

(i) if V is 0i, then v satisfies the consequent of premise Qi if and only if v 
satisfies the conclusion, for all i £ {1, 2, 3, 4, 5}; 

(ii) if V is -^i, then v satisfies the consequent of premise —>-i if and only if v 
satisfies the conclusion, for all i G {1,2,3},' 

Proof. The argument relies on Definitions 12.41 and 13.21 and on Fact 12.11 

(i) To prove the first claim we examine the rules. Consider (0, /) and 
(0, <,?'). If V is 01,03,04, then [v{A B)\ = b(A)J, thus v satisfies the 
consequent of premise 0^ if and only if v satisfies the conclusion, for i = 1,3, 4. 
If V is 02, [v{A B)\ — [v{B)\, thus v satisfies the consequent of premise 02 
if and only if v satisfies the conclusion. If v is 05, the consequent of premise 
05 is equivalent to the conclusion, since, for the left version of the rule, and 
T <C C are both unsatisfiable, and, for the right version of the rule, v satisfies 
C ^ T if and only if v satisfies the conclusion. 

Consider (0, <, I) and (0, <i, r). If u is 0i (02), then v satisfies the consequent 
of premise 0i (02) if and only if v satisfies the conclusion. If v is 03, first we 
observe that 



Otherwise stated, the value of a relation of the form F, AqB<iA does not change 
replacing AqB on the left with A, B and, similarly, the value of a relation of the 
form T<\AqB,A does not change replacing AqB on the right with A, B. Then 
we consider two cases, the first arising when |F| > or |A| > 1 and the second 
arising when |F| = and |A| = 1, say, A = C for some C G F. In the first case, 

V satisfies conditions H3.3|l and H3.4(l in the consequent of premise 03 if and only 
if V satisfies conditions H3.3|l and H3.4|l in the conclusion, exploiting H3.9|l and 
Fact 12. ll In the second case, for the soundness, if v satisfies the consequent of 
premise 03, then, by condition (|3.3|l of Definition 13. 2f Mz'). [w(A)J — [v{B)\ = 
[v{C)\ < +00, thus also [w(C)J — [v{AqB)\ (weakening condition l|3.3|) '). and 

V satisfies condition 1)3. 1|) in the conclusion, but v satisfies also condition 13. 2|) . 
by (|3.9|l . thus v satisfies the conclusion. For the invertibility, if v satisfies the 
conclusion, then, by condition (|3.1|l of Definition I^Jiz), [w(C)J = [v{Aq B)\, 
then [w(A)J — [v{B)\ = [v{C)\ < +00, thus v satisfies condition t\3.3\\ of 
Definition \3.'2U ii) in the consequent of premise 03, but v satisfies also the 
condition l|3.4|l . by (|3.9|l . thus v satisfies the consequent of premise 03. Notice 
that we rely on the assumption that v is 03 for strengthening condition 1)3. l|l . 
If V is 04, first we observe that 



7, (5 G R . Otherwise stated, the value of a relation F, AQB<iA does not change 
replacing A Q B on the left with A, B, replacing A on the right with A, B, A 



v{AqB)-1^ v{A) + v{B) - \ v{A)\ - 1 - [v{B)\ - 1 
= v{A) - 1 + v(B) - 1 



(3.9) 



7 + w(yl B) - 1 < <5 ^ 7 + \ v{A)\ - \y{A)\ - l<5 
^ 7 < (5 + 1 



(3.10) 
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and increasing the integer index of the relation by 1. Moreover, we observe that 



7 < TJ(A - 1 + (5 ^ 7 < [v{A)\ - [v{A)\ -1 + S 

7 < (5 - 1 



(3.11) 



7, (5 e R . Otherwise stated, the value of a relation T-hAqB, A does not change 
replacing F on the left with T,A,B, replacing Aq B on the right with A, B and 
decreasing the integer index of the relation by 1. Then, treating the two cases 
mentioned above as for 03 valuations and exploiting H3.1()|l and H3.11|l . we obtain 
the equivalence modulo v of the consequent of premise 04 and the conclusion. 
It may be worth mentioning that the apparent redundancy of A, B on both 
sides of the consequent of premise 04 is necessary to obtain the soundness of 
the rule. The problem is to guarantee the condition (|3.3() in the conclusion, 
whereas to guarantee condition H3.4() a premise F < A would be sufficient. In 
fact, it is clear that the value of a relation F, A,B<iA,B,/S. is equal to the value 
of the relation F < A. If u is 05, we consider the two cases mentioned above. 
In the first case, neither the consequent of premise 05 nor the conclusion is 
satisfied by the former being unsatisfiable and the latter violating condition 
1)3. 3|l of Definition VA.'Zi iii). In the second case, we distinguish three subcases. 
If < is neither the consequent of premise 05 nor the conclusion is satisfied 
by u, the former being unsatisfiable and the latter violating condition H3.4|l of 
Definition l3.2f M). If <i is and z = 0, then v satisfies the consequent of premise 
05 if and only if A = T if and only if v satisfies also the conclusion, by the 
exception outlined in Definition l3.3l If <i is and z ^ neither the consequent 
of premise 05 (which is 0) nor the conclusion is satisfied by w, the former being 
unsatisfiable and the latter violating condition (|3.3() of Definition 13 . 2r Mz^ . since 
[_AqB\ = +00. 

{ii) The proof is entirely analogous to (i). As a hint, we observe that 



Otherwise stated, the value of a relation F, A ^ SoA does not change replacing 
A — > i? on the left with B and replacing A on the right with A, A. Moreover, 
we observe that 



Otherwise stated, the value of a relation A<iA B,r does not change replacing 
A on the left with A, A and replacing A B on the right with B. 



v{A^B)-l<0 4^ [v{A)\ + 1 - v{A) + v{B) - \ v{B)\ - 1 < 
^ v{B) - \ v{B)\ - 1 < v{A) - \y{A)\ - 1 
<^ v{B) - 1 < v{A) - 1 



(3.12) 



Q <v{A^ B) -l^Q < [v{A)\ + 1 - v{A) + v{B) - [v{B)\ - 1 
^ v{A) - [v{A)\ - 1 < v{B) - \v{B)\ - 1 
v{A) - 1 < v{B) - 1 



(3.13) 



□ 



Lemma 3.1. The calculus RHBL is sound and invertible. 
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Proof. Let the logical rules for and be determined as in Definition \'6.'3\ and 
let w be a valuation. 

We prove that rules are sound and invertible. For soundness, by Fact 12. 11 

V is 0i for exactly one i G {1, . . . , 5} and, by Proposition 13. If z). if u is 0i, then 

V satisfies the antecedent of a premise Qj only if j 7^ i. If v does not satisfy the 
premise 0^, the claim holds trivially. Otherwise, if v satisfies the premise 0^, 
then, by Proposition l^^i), v must satisfy the consequent of the premise 0i, 
then, by Proposition 13. 2r z). v satisfies the conclusion of the rule, and the claim 
holds. For invertibility, if v does not satisfy the conclusion, the claim holds 
trivially. Otherwise, let w be a 0^ valuation such that v satisfies the conclusion. 
By Proposition VS.'lU ). v satisfies (the consequent of) the premise 0i and, by 
Proposition lS.ir z). v satisfies (the antecedent of) the premises Qj, for all j ^ i, 
thus the claim holds. 

The argument for proving soundness and invertibility of rules is similar. 

□ 

In the remainder of this section we will introduce and refine a notion of 
reduction based on RHBL, which will form the kernel of a decision algorithm 
for the validity problem of BL (see Section O. 

Definition 3.5 (RHBL reduction). A RHBL reduction of A ^ F is a labeled 
rooted ordered tree Ta such that all the following statements hold. 

(i) The root of the tree is labeled by the relational hypersequent T ^ A. 

(ii) If a node u of the tree is labeled by an irreducible relational hypersequent, 
then u is a leaf of the tree. 

(Hi) Let u be a node of the tree labeled by a reducible relational hypersequent G, 
let Ao A' be the most complex formula of G with respect to <c and choose 
an arbitrary occurrence of A o A' in a relational context of type (<, s), 
s e {/, r}. Then the proper descendants of u are labeled by the premises of 
the logical rule (o,<i, s) with conclusion G and pivot A o A' , the ith child 
being labeled by the premise Oj. 

The length of the path from the root to a node u is the depth of the node, which 
we write d{u). A simple downward path from the root to a leaf is a branch of 
the tree. The height of a tree T , h{T), is the number of edges on the longest 
branch. 

The tree produced by Definition 13.51 allows for refinements. Consider the 
following example. 

Example 3.2. Let G^ = H\A ^ B < A1IA2 ^ A ^ B,T2, where A ^ B is 
the most complex formula of G^ and A ^ B does not occur in H . We consider 
the portion of the RHBL reduction tree which is rooted at G^ and follows the 
second child of the nodes, corresponding to — >2 premises. The reduction is: 
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... H\B ^ A\A ^ Ai\A2., A ^ B,r2 ... 

X, 

-< A|A < A1IA2, -< A ^ B,r2 

■ <, I) 

H\A ^ B < A1IA2 X A ^ B,r2 

Notice that the antecedent -^2 is sufficient to eliminate both occurrences of 

B and that, in this case, eliminating two occurrences of A ^ B requires two 

steps. 

In the example, given a relational hypersequent G having Ao B as its most 
complex formula with respect to <c, the branches rooted at G start eliminating 
each occurrence of A o B, since the pivot of the rule is chosen as the most 
complex formula of G by definition. To this aim, the very same antecedent is 
used repeatedly along the branch to eliminate each occurrence of ^ o B until 
all occurrences arc eliminated. This scenario suggests the idea to exploit the 
antecedent for eliminating all the occurrences of the most complex formula via 
a concise rule. 

For this purpose, we introduce substitutions on relational hypersequents, 
relying on the usual multiset operations for the manipulation of the formulas. 
Let G, G' G RH and A, B, B' e F, then: 

{i) the relational hypersequent G{A B) is obtained replacing each occur- 
rence of A with B in. G\ 

{a) the relational hypersequent G{A 4= B,B') is obtained replacing each oc- 
currence of A with B, B in G; 

(Hi) if the occurrences of ^ B on the left and right of < in G are I and r 
respectively, then the relational hypersequent G{AqB A, iJ<i+;_r A, B) 
is obtained deleting all the occurrences of AQ B in relations of type <i in 
G, adding one copy of A, B on the left and right of < and updating by 

I — r the index of <; 

(iv) if the occurrences of A — > i? on the left and right of < in G are I and r 
respectively, then the relational hypersequent G{A ^ B <= A^, S'<iA', B'^) 
is obtained deleting all the occurrences of A ^ in relations of type O in 
G, adding r occurrences of A and I occurrences of B on the left of < and 
adding I occurrences of B and r occurrences of A on the right of <i. 

Moreover, if a and a' are substitutions as above, then the relational hyper- 
sequent GctIG (t is obtained executing simultaneously a over G and a over 
G'. 

The notion of rewriting rule is based upon the substitution operation and 
provides an effective means for eliminating all occurrences of a formula from a 
relational hypersequent. 

Definition 3.6 (rewriting rules). Let H,Go,G^,G^,G^. G RH such that 
Ao B is the most complex formula occurring in Go ■ Moreover, assume that 
H C Go is the set of relational sequents in which AoB does not occur, G^ C Go 
is the set of <IC relational sequents in which AoB occurs, that G^ C Go is the 
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set of -<2, =^2 relational sequents in which A o B occurs and that C is 
the set of ^ relational sequents with at most one formula on each side. 
The BL rewriting rules for and —> are: 



b ^a\g^-, b ^ a\g^2 a< b\g^^ 
gZ 

where Go- is obtained by the following substitutions of A o B in Go (G — A if 
c{A) <c c{B) and G = B otherwise) : 



(i) Go, 


= Gq{AgB^A)\H; 






(a) 


= Gq{A(DB^ B)\H; 






(Hi) G03 


= G'q{Aq B ^ C)\G"q{Aq B 


^A,B)\H; 






= G'q{Aq B ^ C)\G'q{Aq B 


^A,B <+i_ 


-rA,B)\H; 




= G'q\G"^{A(DB ^ T)\H; 






M G^, 


= G^{A B <^ B)\H; 






(vii) G^2 


= G'^{A -^B<^ G)\G'i{A 


B <= A'',B^ 


<iA\B'')\H; 


(via) G^3 


= GL,|G"(A ^ B ^ T)\H. 







With respect to a rewriting rule, premise (of type) Oj, conclusion, side, an- 
tecedent (of type) Oj are defined as in Definition \S.Sl The consequent (of type) 
Oi is Go; and the pivot is Ao B. 

We observe that, if n is the number of distinct subformulas occurring in the 
conclusion of a rule, then the number of distinct subformulas occurring in each 
premise of the rule is at most n — 1, since the pivot occurs in the conclusion but 
not in the premises. 

The semantic properties required follow immediately from the soundness and 
invertibility of logical rules. 

Corollary 3.1. The rewriting rules for BL are sound and invertible. 

Proof. The argument used to prove soundness and invertibility of logical rules in 
Pror)Osition l3. II works equally well for rewriting rules, once proved that, for both 
rewriting rules, the consequent of premise Oj and the conclusion are equivalent 
modulo a valuation v of type Oj. But this claim follows from Fact 12. ll from 
(ESI, l|XTn|l . l|TTT|l . (EUl), (|XT^ in the proof of Proposition El and from the 
definition of the substitutions and Definition 13.61 □ 

It is easy to realize that, with respect to the construction of the reduction 
tree, the effect of a unique rewriting rule having pivot A on a given relational 
hypersequent is equivalent to the effect of a sequence of logical rule having the 
same pivot. Consider the following example. 
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Example 3.3. Let be as in ExamT)le \3.'A In the setting of Definition \3.b\ 

we have: 

G'i=A2^A^ B,V2 

=gL(^ A)\G'i{j^^ B ^ A\B° ^A^^B^) 

= A B Ai{^ A)\A2 -< A ^ B,T2{A ->B ^A^,B° < A'',B^) 
= A < AilAa,^ < B,T2 



The rewriting rule produces the relational hypersequent H\B ^ A\A <§; 

Ai|A2,v4 -< B,T2 in one step, whereas the logical rules of Examvle \8.'^^ require 
two steps to obtain the same relational hypersequent. 

Comparing Example 13.21 and 13 . 31 we observe that the rewriting rules require 
1 step constant to eliminate all occurrences of a formula, whereas in the worst 
case the logical rules require n steps to achieve the objective, if the formula 
occurs n times. In this light, a refined notion of reduction arises naturally. 

Definition 3.7 (RWBL reduction). The RWBL reduction of A <E F is a 
labeled rooted ordered tree Ta such that all the following statements hold. 

(i) The root of the tree is labeled by the relational hypersequent T ^ A. 

(a) If a node u of the tree is labeled by an irreducible relational hypersequent, 
then u is a leaf of the tree. 

(Hi) Let u be a node of the tree labeled by a reducible relational hypersequent G 
and AoA' be the most complex formula of G. Then the proper descendants 
of u are labeled by the premises of the rewriting rule (o) with conclusion 
G and pivot AoA', the ith child being labeled by the premise Oj. 

Depth, branch, height and size are defined as in Definition \3.5l 

Notice that the rewriting rule (0) handles 04 premise avoiding the combi- 
natorial explosion of formulas along the branches of the reduction tree. This 
complexity refinement of logical rules explains why the irreducible relational hy- 
persequents produced by RHBL and RWBL reductions, however equivalent, 
are distinct. Inspect the following example. 

Example 3.4. Let G = Ai,AqB,AqB 4z Aq B,ri, where A (D B is 
the most complex formula of G. We consider the portion of the RHBL and 
RWBL reductions tree which are rooted at G and follows the fourth child of the 
nodes, corresponding to 04 premises. The RHBL reduction is: 

... A,B ^_i|A3,b3 <i^+i a3,b3 ... 

■(Q,<iz+2,r) 



A, B ^-i\A\B^ 0^+2 A\B'',AQB 

^ (0, <z+l, /) 

A,B '<-]_\AQB,A,B<i:,+iA,B,AQB 

(0: <^ , 

A & B^ A& B 
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and the RWBL reduction is: 



... A,B ^-i\A,B<i^+iA,B ... 

; (0) 

AQB^<i^ A&B 

As in Examvle \8.!A the RWBL reduction requires one step to eliminate AqB, 
whereas the RHBL reduction requires one step for each occurrence of AQ B. 
Moreover, the irreducible relational hypersequent obtained via RWBL reduction 
is smaller (but equivalent, as can be easily checked applying Definition \&.i^ . 

We will take advantage of this remarkable feature of RWBL while studying 
the size of the RWBL reductions. By means of the example below, we illustrate 
another behaviour of the RWBL reductions, which will be exploited, again in 
Lemma 15.21 to avoid the size explosion of the tree branches. 

Example 3.5. We consider the following portion of a RWBL reduction tree, 
generated applying upwards the rewriting rule and showing only the fourth 
child of the nodes (that is, the 04 premise of the rule): 



... C,D ^.i\A,B,C,D<i+iA,B,C,D,A ... 

^ (0) 

A,B 'i^i\A,B,C Q D <i+-t_ A,B,C Q D,A 

(0) 

AqB,CQD ^.i\AQB,C&D<i+iAeB,C&D,A 

(0) 

(A B) (C D) <: A 

Once {AQ B) Q (C (D D), which occurs only on the left, is eliminated, the conse- 
quent of premise 04 contains the pair AQ B,C Q D on both sides, thus its size 
is almo.st two times the size of the conclusion. But the subsequent elimination of 
Aq B takes advantage of its balanced occurrence, since replacing Aq B with the 
pair A, B on both sides does not affect the size of the result (the same argument 
holds for C Q D). 

It is easy to realize that the phenomenon described is always verified, relying 
on Definition 13.61 Lemma 15.21 will make this argument rigorous. 

The following proposition establishes two structural properties of RWBL 
reductions. 

Proposition 3.3. Let Ta be a RWBL reduction of a formula A and G be a 
leaf of Ta ■ 

(i) Let qi,. . . ,qs<iqs+i, ■ ■ ■ ,qt be a relational sequent occurring inG, {~<z 
,^z}, t > 2 and, if t = 2, then z ^ Q. Moreover, let m be the number 
of distinct propositional variables among qi, . . . ,qt. Then, there exists a 
sequence (ri, . . . , r„) containing all such variables, with m < n, such that 
the relational sequents ri ^ r2,...,r„_i <^ r„,r„ <C ri, T ^ n and 
ri ^ T , i = 1, . . . ,n occur in G. 

(ii) Let {pi : < i < 1} be the propositional variables of A. Then, the propo- 
sitional variables occurring in G are exactly pi, . . . ,pi. 
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Proof, {i) By induction on the depth of T4 nodes, we prove that, for all w £ V, 
if the relation Ai, . . . ,As < As+i, ■ ■ ■ ,At occurs in the label H oi u and m is 
the number of distinct formulas among Ai,...,At, then, for some sequence 
{Bi, . . . , Bn) containing all such formulas, with m < n, the relations Bi ^ 
B2, . . . , Bn-i Bn, T <C -Bj and B^ =4 T, i = l,...,n, occur in H. The 
required conclusion follows immediately from the fact that G is irreducible, 
that is, for i = 1, . . . , t, is a propositional variable. 

For the base case, if d{u) = 0, m is the root of Ta and the claim holds trivially 
since no relations of the required form occur in u. 

For the inductive step, wc assume by induction hypothesis that, for all nodes 
u' & V with d{u') = i, if the relation A[, . . . , A'^, < A'^i^i, ... ,A!^, occurs in the 
label H' of v! and m' is the number of distinct formulas among A\,...,Ati, then, 
for some sequence (BJ, . . . , -B'j/) containing all such formulas with m' < n' , the 
relations B[ < B'^, . . . , B'^,_^ < B'^,, T < and B^ 4 T , i = 1, . . . ,n' , 
occur in H'. We prove that, for any node u of depth i + 1 such that the 
relation Ai, . . . ,As <As+i, ■ ■ ■ ,At occurs in the label H of u and m is the number 
of distinct formulas among Ai, . . . ,At, then, for some sequence {Bi, . . . ,Bn) 
containing all such formulas with m < n, the relations Bi <C B2, . . . , Bn-i ^ 
Bm T <C i?i and Bi ^ T , i = I, . . . ,n, occur in H. Wc examine two cases. 

In the first case, iJ is a premise of the rewriting rule for with conclusion 
H' and a pivot C @ D. If if is the 0i, 02 or 05 premise, the claim follows 
directly from the induction hypothesis. If H is the 03 premise, then we study 
the antecedent and the consequent separately. For the antecedent, we observe 
that a relation of the form <, < G {-<z,=^z}, occurs in the antecedent, namely 
C, D -<_i, but, C<CD, _D<C, T<CC, T<_D, C=^T and D =<; T occur 
in the antecedent as well. For the consequent, we observe that the formula 
C D is replaced by the pair C, £> in <i relations and by the less complex among 
C, D, say C, in ^ relations, thus, on the one hand, the cycle we are assuming 
by induction hypothesis is preserved with C instead of C D and moreover 
it includes also D, since we know that both C ^ D and D ^ C occur the 
antecedent. On the other hand, the <i relations in which C, D occur are covered 
since also C =4 T and D =4 T occur the antecedent. If H is the 04 premise, the 
argument is similar. 

In the second case, i? is a premise of the rewriting rule for — > with conclusion 
H' and a pivot C ^ D. If is the ^1 or — >3 premise, the claim follows directly 
from the induction hypothesis. If H is the — >2, the argument is similar to the 
previous carried out for 03^4 premises. 

(ii) By induction on the depth of Ta nodes, we prove that, for all m G with 
label H, the propositional variables occurring in H are exactly the propositional 
variables of A. 

For the base case, if d{u) = 0, u is the root of T4 and the claim holds 
trivially. For the inductive step, we assume by induction hypothesis that the 
claim holds for all nodes u' with label H' of depth i and we prove that the 
claim holds for a node u with label H of depth i + 1. If if is a premise 0i, 
©2, 03 or 04 of the rewriting rule for 0, or also a premise — >i or — >2 of the 
rewriting rule for all the variables of the pivot occur in the antecedent of 
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the premise. The other variables are unaffected by the rule and we can apply 
the induction hypothesis. If is a premise ©5 or ^3, all the variables of the 
pivot occur in the antecedent of the premise. However, by Definition 13.61 the 
-<z,=4z relations (with more than one formula on the right or left side or with 
z ^ 0) have been removed from H together with their propositional variables. 
But the previous claim (i) guarantees that the variables removed occur in <C 
relations in H . The other variables are unaffected by the rule and we can apply 
the induction hypothesis. □ 



4 Axiom Check and Countermodel Building 

The main goal of this section is to show that the problem of checking if the leaf 
of a RWBL reduction is an axiom or not can be decided by a suitable algorithm 
in time polynomial in the size of the input. We refer the reader to [CLRSOl] 
and |Sch86| for standard notions and facts in the fields of algorithms and linear 
programming respectively. 

Preliminarily, we formalize the notion of size for formulas and relational 
hypersequents. We will assume a finite alphabet E and a standard encoding (•) 
such that, for aU s <E S*, (s) € {0,1}* and \{s)\ = 0{\s\) For definiteness, we 
will assume that the character set E and the character encoding (•) are provided 
by the ASCII standard. From now on, formulas and relational hypersequents 
will be considered as strings over S, that is, F, RH C E*. Let A be a formula 
with no occurrences of connectives and ni occurrences of variables. Avoiding 
redundant parenthesis, it is easy to define the syntax of formulas providing that 
\A\ = O{no), since ni — uq + 1. Let G be a relational hypersequent with 
no occurrences of connectives, rii occurrences of variables and 712 occurrences 
of relations. Observing that variables and relations bring at most a constant 
number of parenthesis and commas, it is easy to define the syntax of relational 
hypersequents providing that \G\ — O{no + ni + 71,2). 

The following definition is legitimate in the light of the previous discussion. 

Definition 4.1 (size). Let A F with no occurrences of connectives. The size 
of A is the length \ {A) \ of its standard binary encoding (A) . 

Let G be a relational hypersequent with uq occurrences of connectives, ni 
occurrences of variables and n2 occurrences of relations. The size of G is the 
length \{G)\ of its standard binary encoding (G). 

Note that \{A)\ — O{no) and |(G)| — O{no + ni + n2). It is meant that, 
with respect to reduction trees, the size of a node is the size of the relational 
hypersequent labelling the node, the size of a branch is the sum of the sizes of 
the nodes of the branch and the size of the tree is the sum of the sizes of the 
nodes of the tree. 

We introduce the notion of axiom in the context of RWBL reductions and, 
in the usual formal languages framework, the axiom decision problem for a 
RWBL reduction leaf. 
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Definition 4.2 (axiom, BL-AX). Let H he the label of a leaf of a RWBL re- 
duction. Then, H is an axiom if it is valid. BL-AX = {(H) : H is an axiom} C 
{0,1}*. 

We consider the problem of checking if the leaf of a RWBL reduction is an 
axiom or not. An instance of the problem BL-AX is represented by the leaf 
of a RWBL reduction, that is, an irreducible relational hypersequent H of the 
form Hi \ . . . \Hk corresponding to the boolean disjunction Hi V ■ ■ ■ W Hk. The 
question is if H is an axiom or not, equivalently, if H is valid or not. We reduce 
to the question if the negation H, of the form ^Hi A • • • A -^Hk is satisfiable or 
not. If H is satisfiable, then H is not an axiom, otherwise, if H is unsatisfiable, 
H is an axiom. 

Let Var{H) = {pi, . . . ,Pn} be the propositional variables of H and v be 
a valuation. Moreover, let q,r £ Var(H) U {T} and qi, . . . ,qi,ri, . . . ,rm G 
Var{H). Then any relational sequent ^/ G . . . , -liJ/^} has one of the 

following forms 

g < r (4.1) 
q^ (4.2) 

(4.3) 

qi,...,qi ^^ri,...,rm (4.4) 



qi,...,qi 4zri,...,rra (4.5) 
which are respectively satisfied by v only if 

[v{q)\ ^ [vir)\ ^ lv{r)\ < lv{q)\ (4.6) 
lviq)\ = lv{r)\ => v{r) < v{q) (4.7) 
lviq)\ = lv{r)\ => v{r) < v{q) (4.8) 

[v{qi)\ =■■■ = [v{r^)\ <+oo^Y^ ~v{qt) + ^v{ri) < m - I - z (4.9) 

i=l i=l 
I m 

[v{qi)\ [v{r^)\ < +00 =^ ^ -tJ(g,) + ^ w(r,) < m - I - z (4.10) 

1=1 i=i 

We describe a three stages algorithm for BL-AX, called CheckAxiom. 



Stage 1. The first stage of the algorithm is devoted to the initialization of 
a directed vertex labeled graph G = {V,E). First, V — {vi, . . . ,Vn,Vn+i}, 
n = \Var{H)\, and the label of a vertex v is l{v) C Var{H) U {T}. We identify 
a vertex by its label. At initialization time, for i ~ 1, . . . , n, l{vi) ~ {pi} and 
l{vn+i) = {T}. Moreover, for each ^/ G {^Hi, . . . , ^Hk} of the form H4.1|) . the 
set E contains and edge (r, q) . 

Stage 2. The second stage of the algorithm is devoted to define the constraints 
of a linear program P of the form Ax < b, Bx < c, where 

X G R"^"'" A G Z*-"^^"-*^" b G 2^"^^"'^^ B G Z*-"^"*""-* c G 2^"^^"-'^"'" 
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and < ni, 712 < fc, where ni, n2 are at most equal to the number of HiS of the 
form H4.3|l . (|4.5|l and (|4.2|l . (|4.4|l respectively. 

To this aim, the cycles eventually contained in G are iteratively detected and 
removed, until the graph G becomes a forest. Specifically, if a cycle c is detected, 
say c = (ui, . . . , Um,ui), m < n + 1, the vertices ui, . . . , Um are removed from 
V and a vertex v, with l{v) = UHi is added to V. All the edges {ui, Uj) 
with i, J G {1, . . . , m} are removed from E. Moreover, whenever Ui is in the 
cycle, Uj is not in the cycle and {ui,Uj) G E (respectively {uj,Ui) G E), {ui,Uj) 
is removed and replaced by (v,Uj) (respectively {ui,v)). At each iteration, \V\ 
decreases at least by one, then the loop iterates at most n times. At the end of 
the loop, the graph G is topologically sortable to obtain an ordered Hst vq, - ■ ■ ,vi 
of the vertices such that, if G contains ad edge {vi,Vj), then Vi appears before 
Vj in the ordering. 

Depending on the form of each -i/ G {^Hi, . . . , -^Hk}, the constraints of P 
are initialized. 

(i) If -i/ is like H4.1|l . no constraints are added to P. 

[ii) If -i/ is like (|4.2() . there are two cases, li q — pi and r = pj for some 
i,i G {1, . . . , n} and, for some m G {0, . . . , Z}, both Pi,Pj G l{vm), then 
the constraint Xj < Xi is added to P (no constraints are added if such m 
does not exist). Otherwise, if 5 = T or r = T and, for some to G {0, . . . , Z}, 
both q,r G l{vm), the constraint < is added to P (no constraints are 
added if such to does not exist). 

{Hi) If -1/ is like (|4.3(l . there are two cases, li q — pi and r = for some 
i,j G {1, . . . ,n} and, for some to G {0, . . . ,Z}, both G l{vm), then 

the constraint Xj < Xi is added to P (no constraints are added if such to 
does not exist). Otherwise, if q = T or r = T and, for some to G {0, . . . , Z}, 
both (7,r G l{vm), then the constraint < is added to P (no constraints 
are added if such m does not exist). 

(iv) If -1/ is like H4.4|) . there are two cases. If there exist m^m' G {0, . . . ,Z} 
such that all the variables of ^/ occur in l(vm), T ^ l(vm), T G l(vm'), 
{vm,v,n') G and (t;™', «,„) ^ then P is extended with the constraint 
bi ■ xi + ■ ■ ■ + bn ■ Xn < c, where 61, . . . , 5„, c are the integers derived from 
(|4.9|l . otherwise, no constraints are added to P. 

(v) If -1/ is like 1)4.5(1 . there are two cases. If there exist m,m' G {0,. ..,1} 
such that all the variables of ^/ occur in l{vm), T ^ l{vm), T G Z(fm')j 
("I'm, 'Vm') S and (f„i', Wm) ^ -E^, then P is extended with the constraint 
ai ■ xi + ■ ■ ■ + an ■ Xn < b, where oi, . . . , a„, 5 are the integers derived from 
(|4.10l) . otherwise, no constraints are added to P. 

Finally, the constraint < xi, . . . , x„ < 1 is added to P. 

Stage 3. The third stage of the algorithm is devoted to check if the linear 
program P is feasible or not. If P is feasible, then the algorithm returns in 
output "No" , otherwise it returns in output "Yes" . 
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Example 4.1. Let H bepi,p2 -<-i\pi pi\pi,pi,P2 -<-i pi,P2\pi,Pi,P2 
Pi,P2\pi,P2 ^1 pi,pi,P2\pi,P2 pi,pi,P2\T -4 Pi- By Notation\^ H is the 
boolean disjunction of pi <C p2, P2 ^ Pi, Pi T, T =<; pi, T ^ pi, p2 ^ T, 

T 4 P2, T <t: P2, ^1 Pl,P2, Pi < Pi, Pl,Pl,P2 -^-l Pl,P2, Pl,Pl,P2 -4-1 Pl,P2, 
Pl,P2 -^1 Pl,Pl,P2,_Pl,P2 =il Pl,Pl,P2, T 4pi. 

Consequently, H is the boolean conjunction of pi p2, P2 ^ Pi , Pi ^ ~^ , 



T <^Pl,T 4 pi, P2 ^ T, T <P2, T ^ P 2, 4l Pl,P2, Pi < P i, Pl,Pl ,P2 ^-1 Pl,P2, 
Pl,Pl,P2 4-1 Pl,P2, Pl,P2 -<1 Pl,Pl,P2, Pl,P2 4l Pl,Pl,P2, T 4pi. 

At initialization time the graph G has vertices V — {^1,^2,^3}, labels 
l(ui) = {pi}, l(u2) = {P2}, Kus) = {T} and edges pi Pi,Pi ~* P2, P2 ~^ Pi, 
Pi — > T, p2 ~> T. At the end of the clustering loop G has vertices V = {wo, wi}, 
labels 1(vq) = {pi,P2}, '("^i) = {T} and edges {pi,P2} ~* T. The topological 
sorting of G is {vq,vi). 

At the end of the linear program initialization loop, the linear program P has 



the form Ax < b, Bx < c, where x 
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The linear program P is unfeasible, since it contains the constraints xi < and 
< Xi, then H is an axiom. 

To the aim of characterize the soundness of CheckAxiom, it is useful to 
observe that the clustering loop maintains the invariant that, at each iteration, 
each propositional variable of H occurs in the label of exactly one vertex of 
G. This property holds at initialization time and guarantees, when the loop 
terminates, that the labels of the vertex of G form a partition of the propositional 
variables of H. 



Proposition 4.1. The relational hypersequent H is an axiom if and only if the 
linear program P is unfeasible. 

Proof. Equivalently, we show that H is unsatisfiable if and only if P is unfeasible. 

(=>) We prove that, if P is feasible and x = {xi ■ ■ -3^) is a solution, then 
there is a valuation v such that v satisfies -^Hi for all i = 1, . . . ,k. 

We define a valuation v such that, for alH = 1, . . . , n, the valuation v{pi) is 
the sum of an integer part, obtained from the topological sorting vq, . . . ,Vm of 
G, and a decimal part, obtained from the feasible solution x of P. Specifically, if 
Pi e l{vj) and T ^ l{vj), j G {0, . . . , m}, then v{pi) = j + x7, that is, [w(pi)J = J 
and v{pi) = 37. Otherwise, if pi G l{vj) and T G livj), then v{pi) — +00. 
Notice that v is well defined, by the invariant of clustering loop. We show that 
V satisfies ^Hi, for alH = 1, . . . , A:. 

If -^Hi has the form q <^ r, we examine two cases. If there is a cycle c = 
{r,q, . . . ,r) in G at initialization time, then both q,r G for some j G 

{0, . . . ,m}, then [v{p)\ = [v{q)\ = j and v satisfies ^Hi. Otherwise, r G l{vi) 
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and q € l{vj) for some i < j, with i,j € {0, . . . by the properties of the 
topological sorting, then [w(r)J < [v{q)\ and v satisfies ^Hi. 

If -iHi has the form q <r, we examine two cases. If there is a cycle c = 
{r, q, . . . ,r) in G at initialization time, then both q,r G l{vj) for some j G 
{0, ...,r7i} and, reasoning as before, [i'(p)J = L'^('Z)J- Now, if q = pi and 
r = pj, for some i,j € {1, . . . , n}, then the constraints Xj < Xi, < Xi, Xj < 1, 
have been added to P, then v{r) < v{q) since x] — v{pj) and v{pi) = Tl. 
Otherwise, if q = T or r = T, by the definition of w, v{r) < v{q) holds since 
v{r) = v{q) ~ +00. In all cases, v satisfies -^Hi. If there is not a cycle c in G at 
initialization time, r G l{vi) and q G l{vj) for some i ^ j, with i, j e {0, . . . , m}, 
then [v{r)\ ^ [v{q)\ and v satisfies ^Hi. If ^Hi has the form q ^ r, the 
argument is similar with the exception that the case in which there is a cycle 
c = {r,q, . . . ,r) in G at initialization time and q = T or r = T is excluded (in 
this case P is unfeasible, since at Stage 2{iii) the constraint < is added to 
P)- 

If -^Hi has the form (|4.4|l . by Proposition \'6.'3i i) there is a cycle c in G at 
initialization time involving all the variables of -^Hi. We examine two cases. If 
T is involved in c, then there exists j G {0, . . . , m}, such that all the variables 
of and T are in l{vj), but then v satisfies since by definition v does 

not satisfy the antecedent of H4.9|l . Otherwise, if T is not involved in c, then by 
Proposition ltj.^f z) the conditions for adding to P the constraints < Xi, . . . , Xj < 
1 and bi ■xi + - ■ •+5„-x„ < c, for suitable integers 6i, . . . , 5„, c derived from l|4.9|) . 
are satisfied. Hence, v satisfies the consequent of (14. 9|) . since for each variable 
Pi in -li/i, aJT — v{pi). If -li/; has the form (|4.5|l . the argument is similar. 

(<^) We show that, if H is satisfiable, then P is feasible. Specifically, if a 
valuation ?; satisfies H, we show that x = {v{pi) ■ ■ ■v{pn)) is a solution of 
P. To this aim, observe that, during the second stage of the algorithm, there 
are two cases in which the linear program P is expanded with new constraints 
corresponding to ^HiS. 

In the first case, -^Hi has the form (|4.2|) or (|4.3|l and there is m G {0, . . . , ^} 
such that q,r £ l{vm). In this case, the graph G at initialization time contains 
a cycle c = (pi, . . . ,Pm,Pi), with q,r £ {pi, . . . ,Pm}. Therefore, a valuation v 
can satisfy H only if [w(pi)J = ••• = [v{pm)\- But in this case, accordingly 
with (|4.7|l and H4.8|l . the valuation v satisfies H only if it satisfies the conditions 
over the decimal parts of pi , . . . , pm. , and, particularly, over the decimal parts 
of q, r. But then, the decimal parts of v satisfies also the constraints added to 
P for the currently examined case. 

In the second case, has the form (|4.4|) or (|4.5|l . and there exist m, m' G 
{0, . . . ,1} such that all the variables of -i/ occur in l{vm), T ^ l{vm), T G /(wm')> 
{vm, Wm') G E and (wm', fm) ^ In this case, the graph G at initialization time 
contains a cycle c involving all the variables of but not T, and each vertex 
labeled by a variable of -iJ is connected to the vertex labeled by T, but the 
converse does not hold. Therefore, a valuation v can satisfy H only evaluating 
each variable with the same integer part. Moreover, by Proposition I3.3f tl. a 
valuation v can satisfy H only assigning integer parts less than +oo to the 
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variables, for otherwise v must satisfy also T ^ a; for all the variables of H, 
which is a contradiction. But then, a valuation v can satisfy H only if it satisfies 
also the antecedent of the implications H4.9|l and 14.10|l , hence such a valuation 
must satisfy the consequent of the implications 14.9|l and H4.10|l . But then, the 
decimal parts of v satisfies also the constraints added to P for the currently 
examined case. □ 

We conclude our argument proving that the problem BL-AX is in fact in P. 

Lemma 4.1. BL-AX G P. 

Proof. The problems of searching graphs for cycles, topologically sort forests 
and checking the feasibility of linear programs are in P. Thus, the termination 
and soundness of CheckAxiom follow from the finiteness of the constructions 
of G and P and Proposition 14. II respectively, and CheckAxiom is a decision 
algorithm for BL-AX. Moreover, both |(G)| and are polynomial in 
for any reasonable binary representation of graphs and matrices, and the con- 
structions involved can be easily implemented in time polynomial in the size of 
the objects built, then CheckAxiom runs in polynomial time in the size |(-ff)| 
of its input (H). We conclude that BL-AX e P. □ 

We remark that, if a leaf H is not valid, the proof of the right direction 
of Proposition 14. II provides an effective means for constructing a countermodel 
of H , which propagates to the root of the reduction tree yielding the following 
countermodel building procedure. 

Let H S RH be a leaf of the RWBL reduction tree of a formula A and 
suppose that the valuation u is a countermodel of H. Let Go, ... , G„ be the 
labels of the nodes along the branch from the root to the leaf labeled by H, where 
H = Gq and G„ is the label of the root. For i = 1, . . . , n, by Proposition lH.3f n]l. 
V is defined on the prepositional variables of G^, and, by the invertibility of the 
rewriting rules, if w is a countermodel of H, then w is a countermodel of G^. 
Particularly, is a countermodel of the root T =5; A, then v satisfies A ^ T. 
Therefore, there is a valuation v such that v{A) < +00, and, by Theorem 12. II 
BLF A. 

5 Decidability and Complexity 

The main goal of this section is to show that the tautology problem of BL is 
decidable in deterministic time 2^^"'\ Also, we show that the problem is coNP- 
complete. In the usual formal languages framework, the tautology decision 
problem of BL is defined as follows. 

Definition 5.1 (BL-TAUT). BL-TAUT = {{A) : BL h A} C {0, 1}*. 

We study first the decidability of BL-TAUT, referring to the algorithm 
CheckTautology described as follows. The algorithm receives in input (the 
encoding of) a formula A and builds the RWBL reduction tree of A. The 
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root of the tree is labeled with the relational hypersequent T =<; ^. The tree is 
built adding children to reducible external nodes, until all external nodes be- 
come irreducible. The main connective of the most complex formula occurring 
in the reducible external node determines the multiplicity and the labels of its 
children. Then, the algorithm checks if all the leaves are axioms and returns a 
positive answer if they are and a negative answer otherwise. 

In order to prove that the algorithm CheckTautology is in fact a decision 
algorithm for BL-TAUT, we must show that, given a formula A, the algorithm 
CheckTautology always terminates, returning a positive answer if A is a BL 
tautology and a negative answer otherwise. 

These properties rely respectively on the finiteness of the reductions, which 
is shown in Lemma 15.11 below, and on the soundness and invertibility of the 
rewriting rules, which is shown in Corollarv l3.1l 

Lemma 5.1. Let A e F with c{A) = n and Ta = (y,E) be the RWBL 
reduction of A. Then, for all leaves u of {Ta), d{u) < n, and h{TA) < n. 

Proof. Let Ai, . . . , An be the n subformulas of A with at least one connective. 
We assume, without loss of generality, that Ai <c ■ ■ ■ <c An- We say for short 
that a node has a subformula if the subformula is a subformula of some of the 
formulas occurring in its label. 

By induction on the depth of the nodes, exploiting Definition 13 . 61 and Def- 
inition we prove that, for all u (1 V, if d{u) — i, then u has at most n — i 
subformulas of A with at least one connective, for some and i < n. For the base 
case, if d{u) = 0, then u is the root. Hence, u has n — = n subformulas of 
A with at least one connective (and < n). For the inductive step, we assume 
that, for all nodes u' G V, if d{u') = i, then u' has at most n — i subformulas of 
A with at least one connective, for some i < n. We must prove that, if a node 
u has depth i -I- 1, then u has at most n — (i + 1) subformulas of A with at least 
one connective, i + 1 < n. If d{u) = i -\- 1, then m is a children of a parent u' 
with d{u') = i and, by inductive hypothesis, u' has at most n — i subformulas 
of A with at least one connective, i < n. Notice that i < n, since u' is not a 
leaf, thus, by the construction of Definition 13.71 u has at least subformula of 
A with at least one connective less than its parent u', that is, u has at most 
(n — i) — 1 = n — (i + 1) subformulas of A with at least one connective, where 
i + l<n. 

Now, consider a leaf u of {Ta) and suppose, for a contradiction, that d{u) = 
m, for some m > n. Then u would have n — m subformulas of A with at least 
one connective, but < n — m < 0, which is a contradiction. Thus, for all leaves 
u of {Ta), d{u) < n. But the height of T4 is equal to the largest depth of any 
leaf in the tree, hence h{TA) < n. □ 

We can conclude that CheckTautology decides BL-TAUT. 

Theorem 5.1. Let A be a formula. Then, A G BL-TAUT if and only the 
algorithm CheckTautology outputs "Yes" on input {A). 
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Now, we study the complexity of BL-TAUT. For this purpose, we show that 
the overall size of a reduction tree is exponential in the size of the root, but the 
size of each branch is polynomial in the size of the root. 

Lemma 5.2. Let A e F with c{A) ^ n, Ta ^ iV,E) be the RWBL reduction 
of A and b uTa 's branch. Then \ {b)\ ^ 0{n^) and \{Ta)\ ^ 20("). 

Proof. Let b — (uq, ui, . . . , m„) be a branch of Ta of maximal length (recall 
Lemma I^T^I . where uq is the root of T^. We must compute the size of the labels 
lo, . . . Jn of the nodes uq, . . . ,Un of 6. For this purpose, we represent the labels 
by the rows of a lower triangular matrix of relational hypersequents 



L 



( ai,i ... \ 

02,1 02,2 ... 

\an+l,l an + 1,2 ... an+l,n+l/ 



^^("+l)x(«+l) ^5-^) 



in the sense that the label Iq of the node uq is ai^i, the label li of the node ui 
is a2,i|a2,2, and generally the label U-i of the node Ui-i is Oi^ij . . . [a^^i. The 
entries of the matrix are to be interpreted as follows (recall the terminology of 
Definition 13. t)|) . Consider first the entries along the diagonal. The element oi^i 
is the label of Uqi the element 02,2 is the antecedent of the relational hyperse- 
quent labelling ui, and generally the element ai.i, for all 1 < « < n + 1, is the 
antecedent of the relational hypersequents labelling Ui-i. Now, consider the 
entries below the diagonal. The element a2,i is the consequent of the relational 
hypersequent labelling ui, the elements a3,i|a3,2 are the consequent of the rela- 
tional hypersequent labelling 1*2, and generally the elements a^^ij . . . |ai^i_i, for 
all 1 < i < n + 1, are the consequent of the relational hypersequents labelling 
Ui-i. More specifically, with respect to the consequent of ui the element 02,1 
is to be interpreted as the rewriting of the relational hypersequent ai^i, with 
respect to the consequent of U2 the elements 03^1 and 03^2 are to be interpreted 
respectively as the rewriting of the relational hypersequents a2,i and a2,2, and 
generally with respect to the consequent of the elements a^^i, . . . ,ai.i_i, 
for 1 < i < n + 1, are to be interpreted respectively as the rewriting of the 
relational hypersequents a^-i^, . . . , ai_i^i_i. 

Recall that the standard encoding (G) of a relational hypersequent G has 
size 1(G) I = 0(no + ni +712), where no, ni, 77.2 are respectively the occurrences 
of connectives, variables and relations in G. We count T as a variable. Clearly, 
0(|(Gi)| + • • • + |(G„)|) = 0(|(Gi| . . . |G„)|), for Gi, . . . ,G„ G RH. Therefore, 
in order to determine an upper bound on the size of the branch 6, we can inspect 
the matrix L and count the number of connectives, variables and relations that 
occur in b in the worst case. 

First, ai^i is T =<; ^ and it has n connectives, n + 2 variables and 1 relation. 
Thus, the root contributes 2n + 3 to the sum. 

Second, the largest antecedent of b is the antecedent ©4 built upon the 
immediate subformulas of A (that is, applying the rule for with pivot ^4), 



23 



as can be easily verified by counting the number of connectives, variables and 
relations in the rules antecedents (recall Definition 13 . 61 and Notation 13.1(1 . Such 
an antecedent has 6(n — 1) connectives, 6(n+l) + 6 variables and T's occurrences 
and 9 relations, and it contributes 12n + 15 to the sum. We assume that all the 
antecedents of b are sized as the largest one, thus each a^j , for all 1 < i = j < 
n + 1 contributes 12n + 15. 

Third, we observe that the size of the consequent is less than the size of 
the conclusion, with the only exception of the consequent 04, as can be eas- 
ily checked by counting inspecting Definition 13.61 For this reason, we assume 
that 02,1 is the conclusion 04 of the rewriting of ai^i, thus 02,1 has 2{n — 1) 
connectives, 2{n + 1) variables and T's occurrences and 1 relation. Thus, 02,1 
contributes 4n + 1 to the sum. In the following reductions, that is in a^^i for 
2 < z < n + 1, the size of the conclusion is preserved, by the definition of sub- 
stitution given before Definition 13.61 frecall also Example 13. 5|l . Thus, each a^^i, 
for 2 < I < n + 1, contributes at most 4n + 1 to the sum. Moreover, the same 
critical rewriting applied to the largest antecedent previously treated, yields to 
a conclusion having has at most 2 • (6(n — 1) — 1) connectives, 2 • 6(n -I- 1) -I- 6 
variables and T's occurrences and 9 relations, but subsequently the size is pre- 
served. We assume that all the antecedents yield a critical rewriting, thus each 
consequent Qij, for 2 < i < n + 1 and 1 < j < n contributes 24n -I- 13. 

Notice that, in a real case, the rules produce repetitions in the relational hy- 
persequents, which are disregarded by the definition of relational hypersequent. 
The contribute in terms of connectives, variables and relations of each relational 
hypersequent occurring in b is summarized by the following matrix 



S = 



(2n + 30 
4n+l 12n+15 

4n+l 24n+13 12n+15 

\4n +1 24n + 13 24n + 13 



e Z("+l)x(n+l) (5 2) 



12n+ 15/ 



We evaluate the sum s — rii^ -\- n\ ~\- n-i oi all the connectives, variables and 
relations occurring in the relational hypersequents of b by 



2n 



3 + ^ 4n + 1 + ^ Yin + 15 + ^(24n -f 13)(7i - i) 



< (24n -f 13) ^ i -I- 1 



1=0 



< (24n + 13)(7i + 1)2 = 2471^ + 6171^ + 50n + 13 

where the first inequality holds since n > 0. Therefore, we conclude that | (6) | = 
\{lo) \ + ■ • • + = 0{n^) and the first claim holds. 

For the second claim, we observe that, in the worst case, all the leaves of Ta 
have depth n, by Lemma IEtI and all the internal nodes of Ta have degree 5, by 
DefinitionESl thus \V\ = X;Lo ^'^ = 5"+^-l = 2'^("). Moreover, inspecting the 
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size matrix (|5.2II , we observe that the largest relational hypersequent I labelling 
a node u of Ta has a total of at most (24n + 13) (n + 1) connectives, variables 
and relations, thus = 0{n^). Therefore \{Ta)\ = \V\ ■ \(l)\ = 20("). □ 

As a consequence of Lemma 14.11 and Lemma 15.21 above, the running time 
of CheckTautology is bounded from above in 2°'"', hence the problem 
BL-TAUT is in DTIME(20("))_^ 

Consider now the problem BL-TAUT = {(A) : BL F A}. If a formula 
A is not a BL theorem, or tautology, then the algorithm CheckTautology 
outputs "No" , but in this case the RWBL reduction tree of A has at least 
one branch with an invalid leaf, which size is polynomial in the size of A by 
Lemma [5. 21 We regard such a branch as a certificate that the formula A is not 
a BL tautology and we describe a two input polynomial time algorithm, called 
CheckNoTautology, as follows. 

The first input is the standard encoding of a formula A. The second input 
is the encoding of a certificate c, corresponding to the instructions for building 
a branch of the RWBL reduction of A. Particularly, if c{A) = n, then c = 
(mi, . . . , rUn), rrii € {0, . . . , 5}, for all i = 1, . . . , n, and each rrii represents the 
premise for extending the node of depth i — We stipulate for convenience that, 
if rrii = 0, then the node of depth i — 1 has no children, and, if rrii is inconsistent 
with the node of depth i — then the algorithm outputs "No". The algorithm 
builds the branch of the RWBL reduction of A, following the instructions in 
c, and returns a positive answer if the leaf is not valid and a negative answer 
otherwise. 

Corollary 5.1. BL-TAUT e coNP-complete. 

Proof. We show that BL-TAUT e NP. We consider the algorithm CheckNot- 
Tautology, that receives in input a formula A, with c{A) — n, and a certificate 
c of the form (toi, . . . , m„), with rrii € {0, ... ,5} for all i = 1, . . . , n. 

We observe the following facts. First, |(c)| ~ 0{n), since c is a sequence of 
n nonnegative natural numbers, thus the size of c is polynomial in the size of 
A, which is \{A)\ = 0{n) for n — c{A). Second, the size of each Ta branch is 
polynomial in the size of A, by Lemma 15.21 and its adjacency list representation 
of has size Q{\V\ + \E\) = Q{{n + 1) + n) = 0{n). Thus, the whole construction 
of the branch specified by c is feasible polynomial time in the size of A, since 
each step of the construction is feasible polynomial time in the size of the node 
extended. Third, the validity of Tas leaf, by Lemma |4. II is decided polynomial 
time in the size of the leaf, which in turn is polynomial in the size of A. Fourth, 
the adjacency list representation of the branch has size Q{\V\ + \E\) — 6((n -I- 
1) -I- n), thus 0[n). Thus CheckNotTautology terminates in polynomial 
time in the size of the input A. 

Moreover, CheckNotTautology is sound for BL-TAUT. In fact, suppose 
that A is not a BL tautology and that c corresponds to a branch of the re- 
duction tree of A with an invalid leaf. Then, on input {{A), (c)), the algorithm 
CheckNotTautology returns the answer "Yes" in output. Otherwise, if A 
is a BL tautology, there is no certificate c corresponding to a branch of the 
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reduction tree of A with an invalid leaf, thus, on input {{A), (c)), the algorithm 
CheckNotTautology returns the answer "No" in output. 

We show that BL-TAUT is NP-hard. Let LUK-TAUT be t he compl ement 
of the tautology problem of Lukasiewicz logic, which is known IMun87j to be 
NP-hard. It is known |BHMV02I [MPT08j also that, for each formula A, A is 
provable in Lukasiewicz logic if and only if -^^A is provable in BL. Thus, the 
polynomial time algorithm that prefixes a double negation to a formula ^ is a 
reduction of LUK-TA UT to BL-T AUT. 

We conclude that BL-TAUT G NP-complete, thus BL-TAUT is coNP- 
complete. □ 
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